Re: Common header for security blobs

From: Stephen Smalley (sdsat_private)
Date: Thu Sep 06 2001 - 13:51:32 PDT


    On Thu, 6 Sep 2001, Greg KH wrote:
    
    > If not, the overhead of having another void * indirection, and a search
    > on a list of 1 member (another indirection), would not be nice for those
    > people concerned with speed issues.
    
    Actually, would it really require this overhead?  You can embed the
    common header at the beginning of your module's private security
    blob structure, and if you only have one module, then you'll match
    on the first comparison with the module id, so there won't be any
    list searching.  The header would be:
    
    struct security_obj_header {
    	unsigned int id;
    	struct list_head s_list;
    };
    
    The module would define its own structure, e.g.
    
    struct my_module_security_obj {
    	struct security_obj_header header;
    	/* my_module_private_state: the module's private fields */
    };
    
    and use this structure for its objects.
    
    On a hook call, the module would check the id in the first header
    referenced by obj->security, and if it matched, it would just cast
    the obj to my_module_security_obj and use it.  No extra dereferencing
    and no list searches.
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
    
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
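
The lookup described in the message above, as an added example that is not part of the original post or of any LSM patch: a userspace sketch in which `struct list_head`, `struct object`, the id values, the `label` field and `demo()` are hypothetical stand-ins. It goes one step past the single-module case by also walking the `s_list` ring when another module's header comes first, and it returns NULL rather than casting a blob whose id does not match.

```c
#include <stddef.h>
struct list_head { struct list_head *next, *prev; };	/* userspace stand-in */
struct security_obj_header {
	unsigned int id;
	struct list_head s_list;
};
struct my_module_security_obj {
	struct security_obj_header header;	/* must stay the first member */
	int label;				/* hypothetical private state */
};
struct object { void *security; };		/* stand-in for inode, task, ... */

#define MY_MODULE_ID	1u	/* hypothetical ids */
#define OTHER_MODULE_ID	2u
#define hdr_of(p) ((struct security_obj_header *) \
	((char *)(p) - offsetof(struct security_obj_header, s_list)))

/* Return this module's blob, or NULL so a hook never casts a foreign blob. */
static struct my_module_security_obj *my_module_blob(struct object *obj)
{
	struct security_obj_header *first = obj->security, *h = first;
	while (h) {
		if (h->id == MY_MODULE_ID)	/* one module: hit on first compare */
			return (struct my_module_security_obj *)h;
		h = hdr_of(h->s_list.next);	/* stacked case only */
		if (h == first)
			break;
	}
	return NULL;
}

/* Example hook: the label, or -1 if the object carries no blob of ours. */
int my_module_hook(struct object *obj)
{
	struct my_module_security_obj *sec = my_module_blob(obj);
	return sec ? sec->label : -1;
}

/* Constructed layouts: 0 = ours only, 1 = foreign first then ours, 2 = foreign only. */
int demo(int layout)
{
	struct my_module_security_obj mine = { { MY_MODULE_ID, { 0 } }, 7 };
	struct security_obj_header other = { OTHER_MODULE_ID, { 0 } };
	struct object obj = { layout ? (void *)&other : (void *)&mine };
	struct list_head *m = &mine.header.s_list, *o = &other.s_list;
	m->next = m->prev = layout == 1 ? o : m;	/* ring of one or two */
	o->next = o->prev = layout == 1 ? m : o;
	return my_module_hook(&obj);
}
```

The cast is only valid because the header sits at offset 0 of the module's structure; moving it would turn the id match into a pointer to the wrong address.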
    


